Konqueror does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ CAN-2004-0721 Affects: 3AS 3ES 3WS 3Desktop CAN-2004-0721 Maybe Affects: 2.1AS 2.1AW 2.1ES 2.1WS As found Jul01
it's kdelibs. i assign it to correct component
This issue does affect RHEL2.1.
Created attachment 102541 [details] post-3.0.5b-kdebase-htmlframes.patch These are the lastest round of patches that fix some issues upstream discovered with the old patches.
Created attachment 102542 [details] post-3.0.5b-kdelibs-htmlframes.patch
Created attachment 102543 [details] post-3.1.5-kdebase-htmlframes.patch
Created attachment 102544 [details] post-3.1.5-kdelibs-htmlframes.patch
Created attachment 102545 [details] post-3.2.3-kdebase-htmlframes.patch
Created attachment 102546 [details] post-3.2.3-kdelibs-htmlframes.patch
kdelibs/kdebase are already built for RHEL3/2.1AS
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-412.html
Should there be an ERRATA for RHEL2.1AS? For all other EL versions there is kdebase & kdelibs. 2.1AS only has kdelibs.
The missing files should be available now. Thanks for catching that.